公开(公告)号：US20220214976A1

公开(公告)日：2022-07-07

申请号：US17706396

申请日：2022-03-28

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

摘要： Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US20220100866A1

公开(公告)日：2022-03-31

申请号：US17548938

申请日：2021-12-13

申请人： Intel Corporation

发明人： Baiju Patel ,  Prashant Dewan

IPC分类号： G06F21/57 ,  H04L9/14 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  G06F9/4401

摘要： An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US10853270B2

公开(公告)日：2020-12-01

申请号：US16717374

申请日：2019-12-17

申请人： Intel Corporation

发明人： David M. Durham ,  Baiju Patel

IPC分类号： G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

摘要： A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US10152430B2

公开(公告)日：2018-12-11

申请号：US15727810

申请日：2017-10-09

申请人： Intel Corporation

发明人： David M. Durham ,  Baiju Patel

IPC分类号： G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

摘要： A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US09588771B2

公开(公告)日：2017-03-07

申请号：US13791298

申请日：2013-03-08

申请人： Intel Corporation

发明人： Hong Wang ,  John Shen ,  Hong Jiang ,  Richard Hankins ,  Per Hammarlund ,  Dion Rodgers ,  Gautham Chinya ,  Baiju Patel ,  Shiv Kaushik ,  Bryant Bigbee ,  Gad Sheaffer ,  Yoav Talgam ,  Yuval Yosef ,  James P. Held

IPC分类号： G06F9/38 ,  G06F9/30 ,  G06T1/20

CPC分类号： G06F9/30145 ,  G06F9/30 ,  G06F9/30181 ,  G06F9/3877 ,  G06F9/3879 ,  G06T1/20

摘要： In one embodiment, the present invention includes a method for directly communicating between an accelerator and an instruction sequencer coupled thereto, where the accelerator is a heterogeneous resource with respect to the instruction sequencer. An interface may be used to provide the communication between these resources. Via such a communication mechanism a user-level application may directly communicate with the accelerator without operating system support. Further, the instruction sequencer and the accelerator may perform operations in parallel. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，本发明包括一种用于在加速器和与其耦合的指令定序器之间直接通信的方法，其中加速器相对于指令定序器是异质资源。 可以使用接口来提供这些资源之间的通信。 通过这种通信机制，用户级应用可以直接与加速器进行通信，而无需操作系统支持。 此外，指令定序器和加速器可以并行地执行操作。 描述和要求保护其他实施例。

公开(公告)号：US11288206B2

公开(公告)日：2022-03-29

申请号：US16831381

申请日：2020-03-26

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

摘要： Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US11205003B2

公开(公告)日：2021-12-21

申请号：US16832138

申请日：2020-03-27

申请人： Intel Corporation

发明人： Baiju Patel ,  Prashant Dewan

IPC分类号： G06F21/57 ,  H04L9/14 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  G06F9/4401 ,  G06F21/71 ,  G06F21/79

摘要： An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US20210319138A1

公开(公告)日：2021-10-14

申请号：US17358287

申请日：2021-06-25

申请人： Intel Corporation

发明人： Prashant Dewan ,  Baiju Patel ,  Siddhartha Chhabra ,  Ofir Shwartz ,  Kumar Dwarakanath

IPC分类号： G06F21/72 ,  G06F21/79 ,  G06F21/73 ,  G06F21/60 ,  G06F15/78 ,  G06F7/58

摘要： Methods and apparatus relating to utilization of logic and a serial number to provide persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.

公开(公告)号：US20210224202A1

公开(公告)日：2021-07-22

申请号：US17222722

申请日：2021-04-05

申请人： Intel Corporation

发明人： Siddhartha Chhabra ,  Hormuzd M. Khosravi ,  Gideon Gerzon ,  Barry E. Huntley ,  Gilbert Neiger ,  Ido Ouziel ,  Baiju Patel ,  Ravi L. Sahita ,  Amy L. Santoni ,  Ioannis T. Schoinas

IPC分类号： G06F12/14 ,  H04L29/06 ,  H04L9/06 ,  H04L9/08

摘要： In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.

公开(公告)号：US20200226071A1

公开(公告)日：2020-07-16

申请号：US16831381

申请日：2020-03-26

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

摘要： Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.